ingress
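Concepts
Exposing Kubernetes services externally: ingress
A Service serves two purposes:
1. Inside the cluster: it continuously tracks changes and updates the pod objects in its endpoints. It is a service-discovery mechanism built around the fact that pod IP addresses keep changing.
2. Outside the cluster: it acts like a load balancer that forwards traffic (IP + port) to the pods. It does not route by URL (HTTP/HTTPS).
service:
NodePort: container port ----- service port ----- NodePort. Once a NodePort is set, a port in the range 30000-32767 is opened on every node.
ip+port: node IP + 30000-32767, which provides load balancing
LoadBalancer: a Service type offered on cloud platforms. The cloud platform supplies the load-balancer IP address.
ExternalName: domain-name mapping
ingress:
Ingress maps by domain name: it forwards URL (HTTP/HTTPS) requests to a Service, and the Service then forwards them to each pod.
Ingress needs only one or a few public IPs or LBs to expose multiple HTTP services to the outside network. It is a layer-7 reverse proxy.
It is a "Service of Services": based on domain name and URL path, it forwards one or more requests to Services.
ingress forwards requests (layer 7) ---- service (layer 4) ---- pod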
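Components of ingress:
Ingress is an API object configured through a YAML file. Its role is to define the rules for how requests are forwarded to Services; it is a configuration template.
Ingress exposes Services inside the cluster over HTTP and HTTPS, giving a Service an external URL, load balancing and SSL/TLS (HTTPS) capability, which amounts to domain-name-based load balancing.
ingress-controller:
The program that actually implements the reverse proxy and load balancing. It parses the rules defined by Ingress objects and forwards requests according to those rules.
ingress-controller is not a built-in Kubernetes component; it is a generic term.
nginx ingress controller and traefik are both ingress controllers, and both are open source.
What an Ingress resource defines:
1. Routing rules for external traffic
2. How the service is exposed: host name, URL path and other attributes
3. Load balancing (ingress-controller)
The ingress-controller runs in the cluster as a pod.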
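nginx-ingress-controller:
Ways for ingress to expose services:
1. Method one: Deployment + LoadBalancer
Deployment + LoadBalancer mode: ingress is deployed on a public cloud. The ingress configuration contains a type field, type: LoadBalancer. The public cloud platform creates a load balancer for the LoadBalancer Service and binds a public address to it.
Pointing the domain name at this public address exposes the cluster externally.
2. Method two: DaemonSet + hostNetwork + nodeSelector
DaemonSet: creates one pod on every node
hostNetwork: the pod shares the node host's network namespace. The container uses the node host's IP and ports directly, and the pod accesses the host's network resources directly.
nodeSelector: selects the nodes to deploy on by label, that is, the nodes where nginx-ingress-controller is deployed.
Drawback: it uses the node host's network and ports directly, so one node can run only one ingress-controller pod. It suits high-concurrency production environments and has the best performance.
Why does it suit high concurrency?
The pod shares the node host's network resources.
The client's request for the domain name first goes to DNS
DNS resolves the domain name, which maps to the node where the ingress-controller runs
The ingress-controller runs on the node as a pod. With hostNetwork it shares the node host's network
The ingress configuration defines the URL address
According to the ingress's label matching, the request is forwarded to the service
The service looks up its endpoints and finds matching pods that can receive the request
In the end it is still the ingress-controller that forwards requests to the different pods, which achieves load balancing
Service and endpoints serve here for discovery and monitoring
The actual load balancing is done by the ingress-controller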
master01--
wget https://gitee.com/mirrors/ingress-nginx/raw/nginx-0.30.0/deploy/static/mandatory.yaml
Edit mandatory.yaml (the leading numbers are line numbers in the file)
vim mandatory.yaml
191 #kind: Deployment
192 kind: DaemonSet
200 # replicas: 1
215 hostNetwork: true
220 test1: "true"
Load the nginx-ingress-controller image on every node host
tar -xf ingree.contro-0.30.0.tar.gz
docker load -i ingree.contro-0.30.0.tar
master01--
kubectl get pod -n ingress-nginx
kubectl label nodes node02 test1=true
kubectl apply -f mandatory.yaml
Add the hosts mapping on node02
vim nginx.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
# define the pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
  labels:
    app: nginx1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx1
  template:
    metadata:
      labels:
        app: nginx1
    spec:
      containers:
        - name: nginx
          image: nginx:1.22
          volumeMounts:
            - name: nfs-pvc
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nfs-pvc
          persistentVolumeClaim:
            claimName: nfs-pvc
---
# define the service
apiVersion: v1
kind: Service
metadata:
  name: nginx-app-svc
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: nginx1
---
# define the ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-app-ingress
spec:
  rules:
    - host: www.test1.com
      http:
        paths:
          - path: /
            # match the root of the site
            pathType: Prefix
            # match by prefix: anything that starts with / matches, e.g. www.test1.com/www1/www2/www3
            backend:
              # the backend service
              service:
                name: nginx-app-svc
                port:
                  number: 80
Check the mounted directory -- 192.168.10.40
echo 123 > index.html
Access
curl www.test1.com
3. Method three: Deployment + NodePort
master01---
vim mandatory.yaml
191 kind: Deployment
215 #hostNetwork: true
200 replicas: 1
219 kubernetes.io/os: linux
220 #test1: "true"
kubectl apply -f mandatory.yaml
wget https://gitee.com/mirrors/ingress-nginx/raw/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
# fetch the service-nodeport.yaml file
service-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
# Applying this yaml file creates a service in the ingress-nginx namespace. All requests to the controller
# enter through the NodePort of this service and are then forwarded to the pods of the user-defined service.
vim nodeport.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc2
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app2
  labels:
    app: nginx2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx2
  template:
    metadata:
      labels:
        app: nginx2
    spec:
      containers:
        - name: nginx
          image: nginx:1.22
          volumeMounts:
            - name: nfs-pvc2
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nfs-pvc2
          persistentVolumeClaim:
            claimName: nfs-pvc2
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-app-svc1
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: nginx2
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-app-ingress
spec:
  rules:
    - host: www.test2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-app-svc1
                port:
                  number: 80
kubectl apply -f nodeport.yaml
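Check the mounted directory -- 192.168.10.40
echo lyw > index.html
Add the hosts mapping on node02
Access
curl www.test2.com:31679
The NodePort is no longer created by the Deployment's own service
The core control component is nginx-ingress-controller
host ---- the ingress configuration locates the pod ---- controller ---- forwards the request to the pod
nodeport ----- controller ----- ingress ---- service ---- pod
Exposing a port through NodePort is the simplest method. NodePort adds one more layer of NAT (address translation).
Under high concurrency this has some impact on performance. Internally, NodePort is what is generally used.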
Implementing an HTTP proxy with virtual hosts:
With ingress: one ingress can serve access to different hosts
Example experiment:
pod1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment
  labels:
    test: nginx1
spec:
  replicas: 1
  selector:
    matchLabels:
      test: nginx1
  template:
    metadata:
      labels:
        test: nginx1
    spec:
      containers:
        - name: nginx1
          image: nginx:1.22
---
apiVersion: v1
kind: Service
metadata:
  name: svc-1
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    test: nginx1
pod2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment2
  labels:
    test: nginx2
spec:
  replicas: 1
  selector:
    matchLabels:
      test: nginx2
  template:
    metadata:
      labels:
        test: nginx2
    spec:
      containers:
        - name: nginx1
          image: nginx:1.22
---
apiVersion: v1
kind: Service
metadata:
  name: svc-2
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    test: nginx2
ingress1-2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress1
spec:
  rules:
    - host: www.test1.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc-1
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress2
spec:
  rules:
    - host: www.test2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc-2
                port:
                  number: 80
Add the hosts mappings
kubectl apply -f pod1.yaml
kubectl apply -f pod2.yaml
kubectl apply -f ingress1-2.yaml
curl www.test1.com:31679
curl www.test2.com:31679
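The host and path matching this experiment relies on, as an added Python example (not from the original page and not ingress-nginx code): a simplified model of how rules like those in ingress1-2.yaml select a backend Service, plus a check for two Ingress objects claiming the same host and path. The rule tables, the object name ingress3 and the function names are constructed for illustration.

```python
# Added example: simplified model of host + Prefix routing, not ingress-nginx code.

def prefix_match(rule_path, request_path):
    """pathType Prefix: compare whole '/'-separated elements, not raw strings."""
    rule = [p for p in rule_path.split("/") if p]
    req = [p for p in request_path.split("?")[0].split("/") if p]
    return req[:len(rule)] == rule


def route(rules, host_header, request_path):
    """Return the backend Service name, or None when no rule matches."""
    host = host_header.lower().split(":")[0]  # drop the NodePort, e.g. :31679
    hits = [r for r in rules
            if r["host"] == host and prefix_match(r["path"], request_path)]
    if not hits:
        return None  # the controller would answer from its default backend
    return max(hits, key=lambda r: len(r["path"]))["service"]  # longest path wins


def conflicts(rules):
    """Map each (host, path) claimed by more than one Ingress to its claimants."""
    owners = {}
    for r in rules:
        owners.setdefault((r["host"], r["path"]), []).append(r["ingress"])
    return {key: names for key, names in owners.items() if len(names) > 1}


# Constructed rule table: one entry per rule, hosts and Services as in the experiment.
RULES = [
    {"ingress": "ingress1", "host": "www.test1.com", "path": "/", "service": "svc-1"},
    {"ingress": "ingress2", "host": "www.test2.com", "path": "/", "service": "svc-2"},
]
# Constructed misconfiguration: ingress3 (hypothetical) also claims www.test1.com/.
BAD_RULES = RULES + [
    {"ingress": "ingress3", "host": "www.test1.com", "path": "/", "service": "svc-2"},
]

if __name__ == "__main__":
    for host, path in [("www.test1.com:31679", "/"),
                       ("www.test2.com:31679", "/www1/www2"),
                       ("other.example.com:31679", "/")]:
        print(host, path, "->", route(RULES, host, path))
    print("conflicts:", conflicts(BAD_RULES))
```

A non-empty result from conflicts() means two Ingress objects compete for the same virtual host and path, so which backend answers depends on the controller rather than on the manifest being read.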
daemonset+hostnetwork+nodeselector for accessing multiple hosts
Example experiment:
nginx-service.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
  labels:
    app: nginx1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx1
  template:
    metadata:
      labels:
        app: nginx1
    spec:
      containers:
        - name: nginx
          image: nginx:1.22
          volumeMounts:
            - name: nfs-pvc
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nfs-pvc
          persistentVolumeClaim:
            claimName: nfs-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-app-svc
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: nginx1
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-app-ingress
spec:
  rules:
    - host: www.test1.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-app-svc
                port:
                  number: 80
nginx-service2.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc1
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-client-storageclass
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app2
  labels:
    app: nginx2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx2
  template:
    metadata:
      labels:
        app: nginx2
    spec:
      containers:
        - name: nginx
          image: nginx:1.22
          volumeMounts:
            - name: nfs-pvc1
              mountPath: /usr/share/nginx/html
      volumes:
        - name: nfs-pvc1
          persistentVolumeClaim:
            claimName: nfs-pvc1
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-app-svc2
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: nginx2
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-app-ingress2
spec:
  rules:
    - host: www.test2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-app-svc2
                port:
                  number: 80
Check the mounted directory -- 192.168.10.40
echo 123 > index.html
# both PVs need an index.html
kubectl apply -f mandatory.yaml
kubectl apply -f nginx-service.yaml
kubectl apply -f nginx-service2.yaml
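Summary
Two ingress-controller implementations: nginx-ingress-controller and traefik
Three working modes of the ingress-controller:
deployment+loadbalancer: requires the cloud platform to provide a public load-balancer address. It is done on a public cloud and costs money.
daemonset+hostnetwork+nodeselector: the controller is usually deployed on designated nodes. The drawback is that it shares the host's network, so there can be only one controller pod.
hostNetwork shares the network with the host, so a label must be specified.
deployment+NodePort: the most common and simplest method. Everything is concentrated on one NodePort: all ingress requests are forwarded to the NodePort, and the service then forwards the traffic to the pods.
One ingress NodePort can serve multiple virtual hosts. As with nginx, several domain names can share the same port.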